Transcript Chapter 10

Chapter 10
Selected Topics
1
Beans
• A bean is a prebuilt software component
that can be integrated with other
components in building an application.
• As part of a potentially serializable
application, a bean too should be
serializable.
– Serializability is the minimum condition for
being a bean.
2
Beans
• Beans can use the same programming
constructs and standard classes as other
program types.
• Beans leverage the basic event model for
interbean communication.
– Property change events are particularly useful
for bean communication.
3
Property change events
• Property change events conform to the
underlying event delegation model:
– An event source is an object whose property
changes have registered listeners.
– If a property change event fires, listeners are
notified by having the appropriate callback
method invoked automatically with a
PropertyChangeEvent argument.
4
Property change events
• Properties are defined in the standard way,
that is, through get/set method pairs.
• A bound property is a for which listeners
can register interest in change events.
– A constrained property can be changed only if
no registered listener vetoes the change.
5
Property sheets
• A well-implemented bean may have an
accompanying property sheet, which is a
GUI to support the visual editing of the
bean’s properties.
• The beanbox utility (available as part of the
Bean Development Kit from Sun) provides
a test container for beans together with a
property sheet for visual property editing.
6
Enterprise Java Beans
• EJB technology extends basic bean
technology to support the development and
especially the deployment of components
across a large enterprise.
– In particular, EJB technology provides
middleware infrastructure so that clients can
request services from location-transparent
components, which are the EJBs.
7
Summary of bean technology
• The strength of bean technology is that it
extends basic Java to support components.
• Bean technology is not a radical departure
from but rather an extension of Java
technology.
• The bean type is flexible. Recall that every
applet is also a bean.
8
Security
• Java has a hierarchy of security constructs,
from basic information hiding through the
bytecode verifier, class loader, security
manager, and access controller.
– The bytecode verifier performs run-time checks
on the bytecodes of all nonstandard classes. For
instance, the verifier checks that method
invocations are type safe.
9
Security manager
• The security manager determines at run
time which operations a program can
perform and prevents a program from
performing proscribed operations.
• The security manager uses an access
controller to implement a security policy in
high-level terms such as permissions.
10
Security manager
• As an example, consider an applet under
sandbox security that attempts to write to
the local disk. The security manager detects
the disallowed operation and throws an
AccessControlException to prevent
it.
11
Security manager
• In general, Java applications do not require
a security manager but can be provided one.
The basic approach is to
– Extend the SecurityManager class and
override inherited methods such as
checkWrite.
– An override throws a security exception to
disallow an operation such as writing.
12
Security manager
• The System class has a static method
setSecurityManager for setting a security
manager.
• RMI clients and servers typically set a
security manager to an
RMISecurityManager.
• Once set, a security manager cannot be
disabled.
13
Access controller
• The access controller provides high-level
constructs such as permissions (e.g.,
FilePermissions and
SocketPermissions) and policies for
implementing the appropriate security for a
program.
• The java.security and java.policy files allow
security policy to be set at the text file level.
14
Authentication
• Cryptography, or the science of secret
writing, is a broad field. This chapter
focuses on the subfield of authentication.
• Authentication is particularly important in
distributed applications in which a receiver
needs to authenticate that a message has
come from a particular sender.
– A message consists of arbitrary bytes.
15
Authentication
• Digital signatures provide high-level
support for authentication.
• A sender digitally signs a message.
• A receiver verifies that the received digital
signature is the expected sender’s digital
signature.
16
Digital signatures
• A digital signature is an encrypted message
digest.
• As the name suggests, a message digest is a
short or “digested” form of a message.
• In technical terms, a message digest is a
secure one-way function that takes arbitrary
size data as input and produces a fixedlength hash value as output.
17
Digital signatures
• A message digest is secure in that the
original message cannot be reconstructed
from the digest even if the underlying digest
algorithm is known.
• Java supports various message digest
algorithms such as MD5.
18
Digital signatures
• A digital signature for a message is
constructed by
– Generating a message digest from the message
data.
– Encrypting the message digest using an
encryption key.
• For distributed applications, public
encryption key systems are typically used.
19
Digital signatures
• In a public key encryption system, a key
pair consisting of a public and a private key
are generated.
• The sender’s private key is used to sign the
message.
• The corresponding public key is used by
receivers to verify the signature.
20
Digital signatures
• Java has library support for public/private
key pairs, digital signatures, and signature
verification.
• The code for generating key pairs, digitally
signing messages, and verifying digital
signatures is straightforward.
21
Digital signatures
• Given that kp refers to a KeyPair, the
code segment
Signature ds =
Signature.getInstance( “DSA” );
ds.initSign( kp.getPrivate() );
ds.update( myMessageBytes );
byte[ ] sig = ds.sign();
shows the syntax for a signing a message.
22
Digital signatures
• Given that kp refers to a KeyPair, the
code segment
Signature ds =
Signature.getInstance( “DSA” );
ds.initVerify( kp.getPublic() );
ds.update( byteArray );
boolean b = ds.verify( byteArray );
shows the syntax for a verifying signature.
23
Digital signatures
• Applets and other code or data that move
from one machine to another often need to
be digitally signed to assure the receiver
that the code or data can be trusted.
• Java’s support for digital signatures is
extensive, flexible, sophisticated, and highlevel.
24
Reflection
• Reflection technology allows a program to
obtain run-time type information about
classes, interfaces, and objects.
– For instance, reflection can be used to
determine an object’s class, the class’s scope,
the class’s superclass, whether the class
implements a particular interface, a list of class
members, and so forth.
25
Reflection
• Every object obj encapsulates a
getClass() method that returns a
reference to a Class object, which in turn
encapsulates information about obj’s class.
• The Class object then can be used to
gather run-time information about obj such
as its public instance methods and fields.
26
Reflection
• Suppose that ref refers to an Applet.
After the statement
Class c = ref.getClass();
executes, c refers to an object that has
information about the applet such as its
superclass: c.getSuperclass().
27
Reflection
• The java.reflect package has classes
such as Member, Method, and Field to
represent language constructs.
• The Class class and the reflection package
classes together deliver state-of-the-art
reflection technology in Java.
• Reflection is used extensively in utilities
such as the beanbox.
28
Servlets
• Servlet technology supports server-side
scripting under Java.
• Server-side scripting is a common
technology is modern Web-based
applications. In a typical scenario,
– A client browser downloads an HTML
document such as an order form
29
Servlets
– The form is filled in and submitted to the
server.
– A Web server program (e.g., Apache) receives
and client submission known as a request and
invokes a server-side program to process the
request.
– The program may access a database, generate
dynamic Web content to be sent back to the
client, and so forth.
30
Servlets
• Alternative technologies include CGI
scripting using C or Perl and Microsoft’s
ASP (Active Server Pages) technology.
• Servlet technology is augmented by JSP
(Java Server Pages), a scripting language
that generates servlets on the fly.
– JSP, at a technical level, is a servlet-generation
language.
31
Servlets
• Servlets have full access to standard class
libraries and programming constructs.
• Servlets are highly flexible. For instance, a
servlet could act as an RMI server, although
this represents a nonstandard use of the
technology.
32
Servlets
• Servlets, like applets, are typically launched
from an HTML document.
• Servlets, unlike applets, are meant to
execute on the server rather than on the
client.
• The servlet package includes a Servlet
interface and a concrete HttpServlet
class.
33
Servlets
• A typical servlet is constructed as follows:
– A public class extends HttpServlet. For
full customization, the class could directly
implement the Servlet interface.
– The methods doGet and doPost are
overridden to execute the same code (e.g., one
method might simply invoke the other). These
are the callbacks for client requests.
34
Servlets
– doGet and doPost each receive two
arguments, an HttpServletRequest and
an HttpServletResponse.
– The request argument encapsulates information
sent from the client to the server. The
getParameter method, also available in
applets, can be used to get particular pieces of
information.
35
Servlets
– The response argument has an associated
PrintWriter suitable for writing HTML and
plain text back to the client.
– In general, the request argument represents
bytes sent from the client to the server, whereas
the response argument enables bytes to sent
from the server back to the client.
36
Servlets and database
• Although servlets can execute arbitrary
code, they typically perform database
operations as part of handling client
requests.
• The java.sql package supports JDBC or
Java database technology.
37
Database
• JDBC technology requires a knowledge of
relational database technology in general
and of SQL (Structure Query Language) in
particular.
• JDBC support for databases is high-level
and flexible.
38
Database
• The basic steps in a JDBC program are
– The program loads the appropriate database
driver, software that enables the program to
interact with a particular database product.
– The program uses the DriverManager to
open a database connection.
– The program generates Statements such as a
SQL queries that can be executed.
39
Database
– If the executed statement is a query, the
statement returns a ResultSet or set of
database table records. The program processes
the records in an appropriate fashion.
– The program closes the database connection
once the connection is no longer needed.
40